EMET | Breaking Cybersecurity News | The Hacker News

Ransomware Ransomware Everywhere Not a Single Place to Hide! But, Microsoft has a simple solution to this problem to protect millions of its users against most ransomware attacks. Two massive ransomware attacks — WannaCry and Petya (also known as NotPetya ) — in a month have caused chaos and disruption worldwide, forcing hospitals, ATMs, shipping companies, governments, airports and car companies to shut down their operations. Most ransomware in the market, including WannaCry and NotPetya, are specifically designed to target computers running Windows operating system, which is why Microsoft has been blamed for not putting proper defensive measures in place to prevent such threats. But not now! In the wake of recent devastating global ransomware outbreaks, Microsoft has finally realized that its Windows operating system is deadly vulnerable to ransomware and other emerging threats that specifically targets its platform. To tackle this serious issue, the tech giant has

It seems Microsoft is planning to build its EMET anti-exploit tool into the kernel of Windows 10 Creator Update (also known as RedStone 3), which is expected to release in September/October 2017. So you may not have to separately download and install EMET in the upcoming version of the Windows 10. If true, this would be the second big change Microsoft is making in its Windows 10 Fall update after planning to remove SMBv1 to enhance its users security. EMET or Enhanced Mitigation Experience Toolkit, currently optional, is a free anti-exploit toolkit for Microsoft's Windows operating systems designed to boost the security of your computer against complex threats such as zero-day vulnerabilities. " EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software ," Microsoft site reads. Basically EMET detects and prevents buffer overflows and memory corruption vulnerabilities,

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Hackers are using a zero day vulnerability in Microsoft's Internet Explorer (IE) web browser and targeting US military personnels in an active attack campaign, dubbed as ' Operation Snowman' . FireEye Researchers have discovered that a U.S. veterans website was compromised to serve a zero day exploit, known as CVE-2014-0322 , which typically involves the compromise of a specific website in order to target a group of visitors known to frequent it. FireEye identified drive-by-download attack which has altered HTML code of the website and introduced JavaScript which creates malicious iFrame. " A zero-day exploit (CVE-2014-0322) being served up from the U.S. Veterans of Foreign Wars' website (VFW[.]org). We believe the attack is a strategic Web compromise targeting American military personnel, amid a paralyzing snowstorm at the U.S. " According to FireEye, the zero day CVE-2014-0322 ' vulnerability is a previously unknown use-after-free bug in Microsof